icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

CoDeSys Gateway Service Unprotected (SCADA)

Info

Synopsis

The remote host is running a SCADA data gateway service that is not protected by a password

Description

PVS has detected a login to the remote CoDeSys SCADA Gateway service of which is not protected by a password. A remote, unauthenticated attacker could potentially use this service to access, and control associated SCADA devices.

Solution

Set a password for the Gateway Service. Ensure that access to this server is restricted to only trusted hosts/networks